Skip to content

Commit

Permalink
AuthPolicy upgrade to v2 tests
Browse files Browse the repository at this point in the history
  • Loading branch information
azgabur committed Oct 25, 2023
1 parent 88fed67 commit 9cb8f26
Show file tree
Hide file tree
Showing 18 changed files with 70 additions and 57 deletions.
Original file line number Diff line number Diff line change
@@ -1,15 +1,15 @@
"""Test condition to skip the response section of AuthConfig"""
import pytest

from testsuite.objects import Property, Rule, Value
from testsuite.objects import Rule, Value
from testsuite.utils import extract_response


@pytest.fixture(scope="module")
def authorization(authorization):
"""Add to the AuthConfig response, which will only trigger on POST requests"""
authorization.responses.add_json(
"simple", [Property("data", Value("response"))], when=[Rule("context.request.http.method", "eq", "POST")]
"simple", {"data": Value("response")}, when=[Rule("context.request.http.method", "eq", "POST")]
)
return authorization

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
from testsuite.objects import Credentials


@pytest.fixture(scope="module", params=["authorization_header", "custom_header", "query", "cookie"])
@pytest.fixture(scope="module", params=["authorizationHeader", "customHeader", "queryString", "cookie"])
def credentials(request):
"""Location where are auth credentials passed"""
return Credentials(request.param, "APIKEY")
Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
"""Basic tests for extended properties"""
import pytest

from testsuite.objects import Value, ValueFrom, ExtendedProperty
from testsuite.objects import Value, ValueFrom
from testsuite.utils import extract_response


Expand All @@ -16,14 +16,15 @@ def authorization(authorization, rhsso):
authorization.identity.add_oidc(
"rhsso",
rhsso.well_known["issuer"],
extended_properties=[
ExtendedProperty("property_static", Value("static")),
# ValueFrom points to the request uri
ExtendedProperty("property_dynamic", ValueFrom("context.request.http.path")),
ExtendedProperty("property_chain_static", ValueFrom("auth.identity.property_static")),
ExtendedProperty("property_chain_dynamic", ValueFrom("auth.identity.property_dynamic")),
ExtendedProperty("property_chain_self", ValueFrom("auth.identity.property_chain_self"), overwrite=True),
],
defaults_properties={
"property_static": Value("static"),
"property_dynamic": ValueFrom("context.request.http.path"),
"property_chain_static": ValueFrom("auth.identity.property_static"),
"property_chain_dynamic": ValueFrom("auth.identity.property_dynamic"),
},
overrides_properties={
"property_chain_self": ValueFrom("auth.identity.property_chain_self"),
},
)
authorization.responses.add_simple("auth.identity")
return authorization
Expand Down
Original file line number Diff line number Diff line change
@@ -1,25 +1,27 @@
"""https://github.com/Kuadrant/authorino/pull/399"""
import pytest

from testsuite.objects import ExtendedProperty, Value
from testsuite.objects import Value
from testsuite.utils import extract_response


@pytest.fixture(scope="module")
def authorization(authorization):
"""
Add plain authentication with three extended properties:
explicit False, explicit True and missing which should be default False.
Add plain authentication with defaults and overrides properties.
Add simple response to expose `auth.identity` part of AuthJson
"""
authorization.identity.add_plain(
"plain",
"context.request.http.headers.x-user|@fromstr",
extended_properties=[
ExtendedProperty("name", Value("bar"), overwrite=False),
ExtendedProperty("age", Value(35), overwrite=True),
ExtendedProperty("group", Value("admin")),
],
defaults_properties={
"name": Value("bar"),
"group": Value("admin"),
},
overrides_properties={
"age": Value(35),
"expire": Value("1-12-1999"),
},
)
authorization.responses.add_simple("auth.identity")

Expand All @@ -28,9 +30,10 @@ def authorization(authorization):

def test_overwrite(client):
"""
Test the ExtendedProperty overwrite functionality overwriting the value in headers when True.
Test overriding and defaults capability. Defaults must not override the value in header but Overrides must do so.
"""
response = client.get("/get", headers={"x-user": '{"name":"foo","age":30,"group":"guest"}'})
response = client.get("/get", headers={"x-user": '{"name":"foo","age":30}'})
assert extract_response(response)["name"] % "MISSING" == "foo"
assert extract_response(response)["age"] % "MISSING" == 35
assert extract_response(response)["group"] % "MISSING" == "guest"
assert extract_response(response)["group"] % "MISSING" == "admin"
assert extract_response(response)["expire"] % "MISSING" == "1-12-1999"
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
"""https://github.com/Kuadrant/authorino/blob/main/docs/user-guides/token-normalization.md"""
import pytest
from testsuite.objects import Value, ValueFrom, ExtendedProperty, Rule
from testsuite.objects import Value, ValueFrom, Rule
from testsuite.httpx.auth import HeaderApiKeyAuth, HttpxOidcClientAuth


Expand Down Expand Up @@ -37,10 +37,12 @@ def authorization(authorization, rhsso, api_key):
authorization.identity.add_oidc(
"rhsso",
rhsso.well_known["issuer"],
extended_properties=[ExtendedProperty("roles", ValueFrom("auth.identity.realm_access.roles"))],
overrides_properties={"roles": ValueFrom("auth.identity.realm_access.roles")},
)
authorization.identity.add_api_key(
"api_key", selector=api_key.selector, extended_properties=[ExtendedProperty("roles", Value(["admin"]))]
"api_key",
selector=api_key.selector,
defaults_properties={"roles": Value(["admin"])},
)

rule = Rule(selector="auth.identity.roles", operator="incl", value="admin")
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,18 +4,18 @@

import pytest

from testsuite.objects import Property, ValueFrom
from testsuite.objects import ValueFrom


@pytest.fixture(scope="module")
def authorization(authorization):
"""Setup AuthConfig for test"""
authorization.responses.add_json(
"auth-json",
[
Property("auth", ValueFrom("auth.identity")),
Property("context", ValueFrom("context.request.http.headers.authorization")),
],
{
"auth": ValueFrom("auth.identity"),
"context": ValueFrom("context.request.http.headers.authorization"),
},
)
return authorization

Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
"""Tests for the functionality of the deep-evaluator metric samples"""
import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value


@pytest.fixture(scope="module")
Expand All @@ -25,7 +25,7 @@ def authorization(authorization, mockserver_expectation):
authorization.identity.add_anonymous("anonymous", metrics=True)
authorization.authorization.add_opa_policy("opa", "allow { true }", metrics=True)
authorization.metadata.add_http("http", mockserver_expectation, "GET", metrics=True)
authorization.responses.add_json("json", [Property("auth", Value("response"))], metrics=True)
authorization.responses.add_json("json", {"auth": Value("response")}, metrics=True)

return authorization

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value
from testsuite.openshift.objects.auth_config import AuthConfig


Expand All @@ -15,7 +15,7 @@ def authorization(authorino, blame, openshift, module_label, proxy, wildcard_dom
auth = AuthConfig.create_instance(
openshift, blame("ac"), None, hostnames=[wildcard_domain], labels={"testRun": module_label}
)
auth.responses.add_json("header", [Property("anything", Value("one"))])
auth.responses.add_json("header", {"anything": Value("one")})
return auth


Expand All @@ -26,7 +26,7 @@ def authorization2(authorino, blame, openshift2, module_label, proxy, wildcard_d
auth = AuthConfig.create_instance(
openshift2, blame("ac"), None, hostnames=[wildcard_domain], labels={"testRun": module_label}
)
auth.responses.add_json("header", [Property("anything", Value("two"))])
auth.responses.add_json("header", {"anything": Value("two")})
return auth


Expand Down
6 changes: 2 additions & 4 deletions testsuite/tests/kuadrant/authorino/operator/http/conftest.py
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
"""Conftest for all tests requiring custom deployment of Authorino"""
import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value
from testsuite.httpx import HttpxBackoffClient
from testsuite.openshift.objects.auth_config import AuthConfig
from testsuite.openshift.objects.route import OpenshiftRoute
Expand All @@ -13,9 +13,7 @@ def authorization(authorization, wildcard_domain, openshift, module_label) -> Au
"""In case of Authorino, AuthConfig used for authorization"""
authorization.remove_all_hosts()
authorization.add_host(wildcard_domain)
authorization.responses.add_json(
"another-json-returned-in-a-header", [Property("propX", Value("valueX"))], wrapper_key="x-ext-auth-other-json"
)
authorization.responses.add_json("x-ext-auth-other-json", {"propX": Value("valueX")})
return authorization


Expand Down
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
"""Conftest for authorino sharding tests"""
import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value
from testsuite.openshift.envoy import Envoy
from testsuite.openshift.objects.auth_config import AuthConfig

Expand Down Expand Up @@ -34,7 +34,7 @@ def _authorization(hostname=None, sharding_label=None):
hostnames=[hostname],
labels={"testRun": module_label, "sharding": sharding_label},
)
auth.responses.add_json("header", [Property("anything", Value(sharding_label))])
auth.responses.add_json("header", {"anything": Value(sharding_label)})
request.addfinalizer(auth.delete)
auth.commit()
return auth
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -35,11 +35,11 @@ def authorization(authorization, first_api_key, second_api_key):
authorization.identity.add_api_key(
"priority-zero",
selector=first_api_key.selector,
credentials=Credentials("authorization_header", "APIKEY"),
credentials=Credentials("authorizationHeader", "APIKEY"),
priority=0,
)
authorization.identity.add_api_key(
"priority-one", selector=second_api_key.selector, credentials=Credentials("query", "APIKEY"), priority=1
"priority-one", selector=second_api_key.selector, credentials=Credentials("queryString", "APIKEY"), priority=1
)

return authorization
Expand Down
4 changes: 2 additions & 2 deletions testsuite/tests/kuadrant/authorino/response/test_auth_json.py
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@

import pytest

from testsuite.objects import Property, ValueFrom
from testsuite.objects import ValueFrom


@pytest.fixture(scope="module")
Expand All @@ -31,7 +31,7 @@ def authorization(authorization, path_and_value):
path, _ = path_and_value

authorization.responses.clear_all() # delete previous responses due to the parametrization
authorization.responses.add_json("header", [Property("anything", ValueFrom(path))])
authorization.responses.add_json("header", {"anything": ValueFrom(path)})
return authorization


Expand Down
4 changes: 2 additions & 2 deletions testsuite/tests/kuadrant/authorino/response/test_base64.py
Original file line number Diff line number Diff line change
Expand Up @@ -6,14 +6,14 @@

import pytest

from testsuite.objects import Property, ValueFrom
from testsuite.objects import ValueFrom


@pytest.fixture(scope="module")
def authorization(authorization):
"""Add response to Authorization"""
authorization.responses.add_json(
"header", [Property("anything", ValueFrom("context.request.http.headers.test|@base64:decode"))]
"header", {"anything": ValueFrom("context.request.http.headers.test|@base64:decode")}
)
return authorization

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value


@pytest.fixture(scope="module", params=["123456789", "standardCharacters", "specialcharacters+*-."])
Expand All @@ -16,11 +16,11 @@ def header_name(request):
def authorization(authorization, header_name):
"""Add response to Authorization"""
authorization.responses.clear_all() # delete previous responses due to the parametrization
authorization.responses.add_json("header", [Property("anything", Value("one"))], wrapper_key=header_name)
authorization.responses.add_json(header_name, {"anything": Value("one")})
return authorization


def test_wrapper_key_with(auth, client, header_name):
def test_headers(auth, client, header_name):
"""Tests that value in correct Header"""
response = client.get("/get", auth=auth)
assert response.status_code == 200
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@

import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value


@pytest.fixture(scope="module")
def authorization(authorization):
"""Add response to Authorization"""
authorization.responses.add_json("header", [Property("anything", Value("one"))])
authorization.responses.add_json("X-Test", [Property("anything", Value("two"))])
authorization.responses.add_json("header", {"anything": Value("one")})
authorization.responses.add_json("X-Test", {"anything": Value("two")})
return authorization


Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,13 @@

import pytest

from testsuite.objects import Property, Value
from testsuite.objects import Value


@pytest.fixture(scope="module")
def authorization(authorization):
"""Add response to Authorization"""
authorization.responses.add_json("header", [Property("anything", Value("one"))])
authorization.responses.add_json("header", {"anything": Value("one")})
return authorization


Expand Down
8 changes: 7 additions & 1 deletion testsuite/tests/kuadrant/authorino/test_redirect.py
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,20 @@
"""
import pytest

from testsuite.objects import ValueFrom

STATUS_CODE = 302
REDIRECT_URL = "http://anything.inavlid?redirect_to="


@pytest.fixture(scope="module")
def authorization(authorization):
"""In case of Authorino, AuthConfig used for authorization"""
authorization.set_deny_with(STATUS_CODE, REDIRECT_URL + "{context.request.http.path}")
authorization.responses.set_deny_with(
"unauthenticated",
code=STATUS_CODE,
headers={"Location": ValueFrom(REDIRECT_URL + "{context.request.http.path}")},
)
return authorization


Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,9 @@
"""Test api authentication with wristband-token that was acquired after authentication on the edge layer"""
import pytest
from jose import jwt

pytest.skip("Envoy dynamic metadata not yet implemented due to v1beta2 AuthConfig change", allow_module_level=True)


def test_wristband_token_claims(oidc_provider, auth, wristband_token, wristband_endpoint, certificates):
"""Verify acquired jwt token claims"""
Expand Down

0 comments on commit 9cb8f26

Please sign in to comment.